Adobe and Oracle delay their patch days - Update
Both Adobe and Oracle have delayed planned October releases of security updates for their products. Oracle's reason for delaying its patch day is the OpenWorld 2009 Oracle conference taking place from 11th to 15th October, which generally attracts large numbers of administrators responsible for Oracle installations. Since this would force administrators to choose between not attending the conference and delaying installation of the updates, the vendor has decided to put its quarterly Critical Patch Update (CPU) back a week from 13th to 20th October. Subsequent CPUs will then revert to the normal schedule: 12th January 2010, 13th April 2010 and 13th July 2010.
Adobe cites the vulnerabilities in Microsoft's Active Template Library (ATL), which affected multiple products, as its reasons for delaying its quarterly patch cycle, introduced just this spring. Because fixing these vulnerabilities has taken priority over fixing vulnerabilities discovered internally, Adobe has told US media that the revised release date will be 13th October. In response to enquiries from heise Security, however, Adobe was unable to provide a link to any kind of public announcement of the delay or the new release date. Instead, Adobe's Global Security Operations Center responded, "The Adobe website will have detailed information when patches are ready for users, they will be posted there with all the instructions." In other words, "when it's done."
Update - Abobe's Director of Product Security, Brad Arkin, contacted The H Security with details of the next scheduled update for Adobe Acrobat and Reader; the update is due on October the 13th.
- Adobe and Cisco extensions vulnerable to Microsoft's ATL problems, a report from The H.
- Adobe to release quarterly security updates, a report from The H.